[ ok ] Starting enhanced syslogd: rsyslogd.
[ 80.917304][ T27] audit: type=1800 audit(1577386519.389:25): pid=9118 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 80.937192][ T27] audit: type=1800 audit(1577386519.399:26): pid=9118 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 80.976081][ T27] audit: type=1800 audit(1577386519.399:27): pid=9118 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 91.759431][ T9278] ==================================================================
[ 91.767801][ T9278] BUG: KASAN: global-out-of-bounds in precalculate_color+0x2154/0x2480
[ 91.776046][ T9278] Read of size 1 at addr ffffffff88b3d3f9 by task vivid-000-vid-c/9278
[ 91.784302][ T9278]
[ 91.786634][ T9278] CPU: 0 PID: 9278 Comm: vivid-000-vid-c Not tainted 5.5.0-rc3-syzkaller #0
[ 91.795351][ T9278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 91.805441][ T9278] Call Trace:
[ 91.808721][ T9278]  dump_stack+0x197/0x210
[ 91.813035][ T9278]  ? precalculate_color+0x2154/0x2480
[ 91.818389][ T9278]  print_address_description.constprop.0.cold+0x5/0x30b
[ 91.825352][ T9278]  ? precalculate_color+0x2154/0x2480
[ 91.830749][ T9278]  ? precalculate_color+0x2154/0x2480
[ 91.836099][ T9278]  __kasan_report.cold+0x1b/0x41
[ 91.841029][ T9278]  ? color_to_ycbcr.isra.0+0x350/0x660
[ 91.846476][ T9278]  ? precalculate_color+0x2154/0x2480
[ 91.851909][ T9278]  kasan_report+0x12/0x20
[ 91.856249][ T9278]  __asan_report_load1_noabort+0x14/0x20
[ 91.861869][ T9278]  precalculate_color+0x2154/0x2480
[ 91.867056][ T9278]  ? color_to_ycbcr.isra.0+0x660/0x660
[ 91.872498][ T9278]  ? __kasan_check_read+0x11/0x20
[ 91.877526][ T9278]  ? __kasan_check_read+0x11/0x20
[ 91.882537][ T9278]  ? mark_lock+0xc2/0x1220
[ 91.886929][ T9278]  ? mark_lock+0xc2/0x1220
[ 91.891343][ T9278]  tpg_recalc+0x561/0x2850
[ 91.895743][ T9278]  ? __kasan_check_read+0x11/0x20
[ 91.900753][ T9278]  ? mark_lock+0xc2/0x1220
[ 91.905157][ T9278]  ? cpuacct_charge+0x1db/0x360
[ 91.909986][ T9278]  ? __kasan_check_read+0x11/0x20
[ 91.914987][ T9278]  ? __lock_acquire+0x16f2/0x4a00
[ 91.920009][ T9278]  ? __kasan_check_read+0x11/0x20
[ 91.925079][ T9278]  ? tpg_get_color.isra.0+0x300/0x300
[ 91.930440][ T9278]  ? mark_lock+0xc2/0x1220
[ 91.934861][ T9278]  ? vb2_vmalloc_vaddr+0x37/0x50
[ 91.939796][ T9278]  tpg_calc_text_basep+0xa1/0x290
[ 91.944813][ T9278]  vivid_fillbuff+0x1a5f/0x3af0
[ 91.949670][ T9278]  ? vivid_grab_controls+0x380/0x380
[ 91.954951][ T9278]  ? find_held_lock+0x35/0x130
[ 91.959789][ T9278]  ? vivid_thread_vid_cap_tick+0x112f/0x2210
[ 91.965757][ T9278]  ? lock_downgrade+0x920/0x920
[ 91.971740][ T9278]  ? rwlock_bug.part.0+0x90/0x90
[ 91.976663][ T9278]  ? v4l2_ctrl_request_setup+0x46c/0xb30
[ 91.982291][ T9278]  vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 91.988004][ T9278]  ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 91.993875][ T9278]  ? usleep_range+0x170/0x170
[ 91.998570][ T9278]  ? lock_acquire+0x190/0x410
[ 92.003235][ T9278]  vivid_thread_vid_cap+0x5d8/0xa60
[ 92.008420][ T9278]  kthread+0x361/0x430
[ 92.012472][ T9278]  ? vivid_thread_vid_cap_tick+0x2210/0x2210
[ 92.018456][ T9278]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 92.024177][ T9278]  ret_from_fork+0x24/0x30
[ 92.028594][ T9278]
[ 92.030905][ T9278] The buggy address belongs to the variable:
[ 92.036874][ T9278]  kbd_keycodes+0x119/0x760
[ 92.041351][ T9278]
[ 92.043658][ T9278] Memory state around the buggy address:
[ 92.049269][ T9278]  ffffffff88b3d280: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 92.057321][ T9278]  ffffffff88b3d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.065362][ T9278] >ffffffff88b3d380: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[ 92.073417][ T9278]                                                                ^
[ 92.081380][ T9278]  ffffffff88b3d400: 00 00 00 00 07 fa fa fa fa fa fa fa 00 00 00 00
[ 92.089429][ T9278]  ffffffff88b3d480: 00 fa fa fa fa fa fa fa 02 fa fa fa fa fa fa fa
[ 92.098332][ T9278] ==================================================================
[ 92.106367][ T9278] Disabling lock debugging due to kernel taint
[ 92.112789][ T9278] Kernel panic - not syncing: panic_on_warn set ...
[ 92.119382][ T9278] CPU: 0 PID: 9278 Comm: vivid-000-vid-c Tainted: G B 5.5.0-rc3-syzkaller #0
[ 92.129431][ T9278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.139593][ T9278] Call Trace:
[ 92.142871][ T9278]  dump_stack+0x197/0x210
[ 92.147180][ T9278]  panic+0x2e3/0x75c
[ 92.151096][ T9278]  ? add_taint.cold+0x16/0x16
[ 92.156837][ T9278]  ? precalculate_color+0x2154/0x2480
[ 92.162187][ T9278]  ? preempt_schedule+0x4b/0x60
[ 92.167051][ T9278]  ? ___preempt_schedule+0x16/0x18
[ 92.172140][ T9278]  ? trace_hardirqs_on+0x5e/0x240
[ 92.177144][ T9278]  ? precalculate_color+0x2154/0x2480
[ 92.182507][ T9278]  end_report+0x47/0x4f
[ 92.186641][ T9278]  ? precalculate_color+0x2154/0x2480
[ 92.192002][ T9278]  __kasan_report.cold+0xe/0x41
[ 92.196828][ T9278]  ? color_to_ycbcr.isra.0+0x350/0x660
[ 92.202273][ T9278]  ? precalculate_color+0x2154/0x2480
[ 92.207804][ T9278]  kasan_report+0x12/0x20
[ 92.212168][ T9278]  __asan_report_load1_noabort+0x14/0x20
[ 92.217793][ T9278]  precalculate_color+0x2154/0x2480
[ 92.222980][ T9278]  ? color_to_ycbcr.isra.0+0x660/0x660
[ 92.228419][ T9278]  ? __kasan_check_read+0x11/0x20
[ 92.233434][ T9278]  ? __kasan_check_read+0x11/0x20
[ 92.238434][ T9278]  ? mark_lock+0xc2/0x1220
[ 92.242826][ T9278]  ? mark_lock+0xc2/0x1220
[ 92.247231][ T9278]  tpg_recalc+0x561/0x2850
[ 92.251623][ T9278]  ? __kasan_check_read+0x11/0x20
[ 92.256638][ T9278]  ? mark_lock+0xc2/0x1220
[ 92.261047][ T9278]  ? cpuacct_charge+0x1db/0x360
[ 92.265874][ T9278]  ? __kasan_check_read+0x11/0x20
[ 92.270874][ T9278]  ? __lock_acquire+0x16f2/0x4a00
[ 92.275875][ T9278]  ? __kasan_check_read+0x11/0x20
[ 92.280879][ T9278]  ? tpg_get_color.isra.0+0x300/0x300
[ 92.286233][ T9278]  ? mark_lock+0xc2/0x1220
[ 92.290642][ T9278]  ? vb2_vmalloc_vaddr+0x37/0x50
[ 92.295554][ T9278]  tpg_calc_text_basep+0xa1/0x290
[ 92.300558][ T9278]  vivid_fillbuff+0x1a5f/0x3af0
[ 92.305401][ T9278]  ? vivid_grab_controls+0x380/0x380
[ 92.310669][ T9278]  ? find_held_lock+0x35/0x130
[ 92.315418][ T9278]  ? vivid_thread_vid_cap_tick+0x112f/0x2210
[ 92.321373][ T9278]  ? lock_downgrade+0x920/0x920
[ 92.326199][ T9278]  ? rwlock_bug.part.0+0x90/0x90
[ 92.331128][ T9278]  ? v4l2_ctrl_request_setup+0x46c/0xb30
[ 92.336739][ T9278]  vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 92.342440][ T9278]  ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 92.348315][ T9278]  ? usleep_range+0x170/0x170
[ 92.352984][ T9278]  ? lock_acquire+0x190/0x410
[ 92.357660][ T9278]  vivid_thread_vid_cap+0x5d8/0xa60
[ 92.362836][ T9278]  kthread+0x361/0x430
[ 92.366898][ T9278]  ? vivid_thread_vid_cap_tick+0x2210/0x2210
[ 92.372953][ T9278]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 92.378728][ T9278]  ret_from_fork+0x24/0x30
[ 92.384577][ T9278] Kernel Offset: disabled
[ 92.388911][ T9278] Rebooting in 86400 seconds..